Tatsuhiro Tsujikawa
cfb39171a7
nghttpx: Remove redundant StringRef ctor invocation
2017-02-16 22:45:55 +09:00
Tatsuhiro Tsujikawa
9e8d9d658a
src: Enable TLSv1.3 if OpenSSL supports it
...
If OpenSSL supports TLSv1.3, enable it by default for all applications
under src. BoringSSL can work at the moment although it does not
unlock all the features nghttpx offers. OpenSSL's TLSv1.3 support is
still WIP at the time of writing.
2017-02-15 22:34:53 +09:00
Tatsuhiro Tsujikawa
6ecfac6954
nghttpx: Parse default TLS min and max versions from string
2017-02-15 21:28:40 +09:00
Tatsuhiro Tsujikawa
56e86cd944
src: h2 requires >= TLSv1.2
2017-02-14 22:21:35 +09:00
Tatsuhiro Tsujikawa
b36e53cccd
nghttpx: Specify TLS protocol by version range
...
This commit deprecates --tls-proto-list option, and adds 2 new
options: --tls-min-proto-version and --tls-max-proto-version to
specify minimum and maximum protocol version respectively. Versions
between the two are enabled. The deprecated --tls-proto-list has
empty default value, and acts like enabling only specific protocol
versions in the range for now.
2017-02-14 00:01:09 +09:00
Tatsuhiro Tsujikawa
001d45efad
Merge branch 'nghttpx-graceful-sigusr2'
2017-02-12 23:52:03 +09:00
Tatsuhiro Tsujikawa
56c455bca4
nghttpx: Send SIGQUIT to the original master process
...
Previously, after sending SIGUSR2 to the original master process, and
the new master process gets ready, user has to send SIGQUIT to the
original master process to shut it down gracefully. With this commit,
the new master process sends SIGQUIT to the original master process
when it is ready to serve requests, eliminating for user to send
SIGQUIT manually.
This works nicely with systemd, because now you can replace nghttpx
binary with new one by "systemctl kill -s USR2 --kill-who=main
nghttpx".
2017-02-12 23:29:44 +09:00
Tatsuhiro Tsujikawa
4bf3cb2cc0
Revert "nghttpx: Don't capitalize h1 header fields"
...
This reverts commit f994664934
.
2017-02-12 23:27:38 +09:00
Tatsuhiro Tsujikawa
c78528d54b
nghttpx: Restrict HTTP major and minor in 0 or 1
2017-02-11 18:42:29 +09:00
Tatsuhiro Tsujikawa
f994664934
nghttpx: Don't capitalize h1 header fields
2017-02-11 18:41:52 +09:00
Tatsuhiro Tsujikawa
44e290da66
clang-format
2017-02-11 13:08:08 +09:00
Tatsuhiro Tsujikawa
8aed101585
Merge pull request #805 from pakdel/graceful_stop
...
graceful stop of nghttp2::asio_http2::server::http2
2017-02-11 13:07:10 +09:00
Tatsuhiro Tsujikawa
e44c58282e
Drop privilege of neverbleed daemon first
2017-02-10 17:43:19 +09:00
Tatsuhiro Tsujikawa
c02b1041d9
nghttpx: Use nullptr instead of NULL
2017-02-10 17:14:47 +09:00
Tatsuhiro Tsujikawa
23209baaf5
clang-format
2017-02-10 17:02:46 +09:00
Tatsuhiro Tsujikawa
9d2503f9c0
Merge pull request #802 from zdzichu/master
...
nghttpx: add systemd support
2017-02-10 16:17:01 +09:00
Amir Pakdel
1c31213aef
More graceful stop of nghttp2::asio_http2::server::http2
...
Explicit io_service::stop() will prevent running streams from
finishing their task. That means if there are already reposnes
that we have called end(std::string) on them and they have not
finished sending back their data, they will be closed with a
NGHTTP2_INTERNAL_ERROR
Instead, we can stop accepting connections and destroy all
io_service::work objects to signals end of work.
2017-02-09 23:34:19 -05:00
Tomasz Torcz
fdb75ba5fe
nghttpx: add systemd support
...
Add systemd's Type=notify support by sending information about
master process PID around forks.
Add some hardening option to service unit.
2017-02-09 18:58:00 +01:00
Tatsuhiro Tsujikawa
8f888b29bd
clang-format
2017-02-09 21:00:47 +09:00
clemahieu
298808f276
Holding more shared_ptrs instead of raw ptrs to make sure called objects don't get deleted.
2017-02-09 21:00:11 +09:00
Tatsuhiro Tsujikawa
a231874e1e
Merge branch 'nghttpx-certs-per-sigalg'
2017-02-08 23:36:23 +09:00
Tatsuhiro Tsujikawa
2101f4ae3f
Merge branch 'mruby-send-1xx'
2017-02-08 22:18:11 +09:00
Tatsuhiro Tsujikawa
4a06f9684f
nghttpx: Fix crash on SIGHUP with multi thread configuration
2017-02-08 22:14:23 +09:00
Tatsuhiro Tsujikawa
9a85c5264a
nghttpx: Send 1xx non-final response using mruby script
2017-02-08 00:30:03 +09:00
Tatsuhiro Tsujikawa
68a724cf7b
nghttpx: Select certificate by client's supported signature algo
...
nghttpx supports multiple certificates using --subcert option.
Previously, SNI hostname is used to select certificate. With this
commit, signature algorithm presented by client is also taken into
consideration. nghttpx now accepts certificates which share the same
hostname (CN, SAN), but have different signature algorithm (e.g.,
ECDSA+SHA256, RSA+SHA256).
Currently, this feature requires OpenSSL >= 1.0.2. BoringSSL, and
LibreSSL do not work since they lack required APIs.
2017-02-04 23:37:24 +09:00
Tatsuhiro Tsujikawa
779ec50e73
Merge pull request #795 from clemahieu/close_stream_iterator
...
close_stream erases from streams_ while it's being iterated over.
2017-02-04 11:37:43 +09:00
Tatsuhiro Tsujikawa
1649948e78
asio: Add curly brackets to avoid possible well known issue
2017-02-04 11:33:21 +09:00
clemahieu
6d3e010ae7
Infinite loop in acceptor handler.
2017-02-04 11:31:12 +09:00
Tatsuhiro Tsujikawa
7dddac081e
clang-format
2017-02-04 11:29:10 +09:00
clemahieu
f0b6b9508d
close_stream erases from streams_ while it's being iterated over.
...
The destructor will already clean this structure up.
2017-02-03 01:36:18 -06:00
Benedikt Christoph Wolters
14ccb24be5
add support for link rel="preload" for --get-assets
2017-02-01 15:54:15 +01:00
Tatsuhiro Tsujikawa
025ec85144
Merge pull request #790 from nghttp2/nghttpx-backend-frontend-tls-parameter
...
nghttpx: Add frontend-tls parameter to backend to require client TLS
2017-01-31 21:49:51 +09:00
Tatsuhiro Tsujikawa
bd97886d8e
nghttpx: Use stack allocated buffer instead of making std::string
2017-01-29 22:11:33 +09:00
Tatsuhiro Tsujikawa
0b1ddad62b
nghttpx: Add frontend-tls parameter to backend to require client TLS
2017-01-28 22:19:14 +09:00
Tatsuhiro Tsujikawa
540853bde8
nghttpx: Fix typo
2017-01-28 22:18:17 +09:00
Tatsuhiro Tsujikawa
1cc08c0a51
nghttpx: Show warning if PSK options are used but not supported
2017-01-26 20:34:58 +09:00
Bernard Spil
16be89f9cc
nghttpx: Don't build PSK features with LibreSSL
...
LibreSSL removed PSK
Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2017-01-26 20:21:55 +09:00
Tatsuhiro Tsujikawa
3ddc446ba2
nghttpx: Enable backend pattern matching with http2-proxy
2017-01-26 01:04:27 +09:00
Tatsuhiro Tsujikawa
b72c5f104e
h2load: Fix wrong req_stat updates
2017-01-26 00:26:35 +09:00
Tatsuhiro Tsujikawa
7e6eb7e02a
h2load: Explicitly count the number of requests left and inflight
2017-01-26 00:16:12 +09:00
Tatsuhiro Tsujikawa
ba9f2c3ae2
Compile with Android NDK r13b using clang
2017-01-23 00:32:51 +09:00
Tatsuhiro Tsujikawa
5311185333
nghttpx: Define the maximum number of digits in uint64_t
2017-01-22 22:33:52 +09:00
Tatsuhiro Tsujikawa
2fc2a27ac1
nghttpx: Use char instead of char[] if possible
2017-01-22 22:28:14 +09:00
Tatsuhiro Tsujikawa
db938afd66
nghttpx: Increase default backlog
2017-01-20 23:06:24 +09:00
Tatsuhiro Tsujikawa
89ddc47616
nghttpx: More constexpr
2017-01-20 23:04:48 +09:00
Tatsuhiro Tsujikawa
3176e872b3
nghttpx: Efficient access.log writer
...
Write integer to log buffer directly to improve efficiency. Remove
unused function templates. Use [first, last) style arguments for
copy() function templates.
2017-01-20 22:42:41 +09:00
Tatsuhiro Tsujikawa
16206d5f67
nghttp: Use std::unique_ptr for html_parser
2017-01-18 00:34:39 +09:00
Tatsuhiro Tsujikawa
0f33749790
nghttp: Take into account scheme and port when parsing HTML links
...
Previously, when parsing HTML links, we only take into account
overridden host. But we actually need more variables to consider. In
this commit, we take into account overridden scheme, host, and port to
parse HTML links.
2017-01-18 00:29:51 +09:00
Tatsuhiro Tsujikawa
5e7e4c0cc0
nghttp: config.headers should be inspected rather than req->req_nva
2017-01-17 23:00:37 +09:00
Benedikt Christoph Wolters
8f513fceca
Fix authority for --get-assets if IP adress is used in conjunction with user-defined :authority header
2017-01-17 21:14:36 +09:00
Tatsuhiro Tsujikawa
685e926494
nghttpx: Add --accesslog-write-early option
...
--accesslog-write-early option is analogous to HAProxy's logasap. If
used, nghttpx writes access log when response header fields are
received from backend rather than when request transaction finishes.
2017-01-13 22:12:21 +09:00
Tatsuhiro Tsujikawa
a2afd393ed
nghttpx: Remove field from LogSpec which can be got from Downstream
2017-01-11 22:30:12 +09:00
Tatsuhiro Tsujikawa
33aa327ef5
nghttpx: Fix access.log timestamp
...
access.log timestamp is now when request header fields are received,
rather than when access log is written.
2017-01-11 20:47:17 +09:00
Tatsuhiro Tsujikawa
9067ff5eee
nghttp: Use nghttp2::ssl::DEFAULT_CIPHER_LIST
2017-01-09 23:50:38 +09:00
Tatsuhiro Tsujikawa
efeede4192
nghttpx: Fix typo
2017-01-09 23:49:10 +09:00
Tatsuhiro Tsujikawa
6a8749873f
nghttpx: Add detailed TLS connection logging
2017-01-09 23:32:35 +09:00
Tatsuhiro Tsujikawa
9b574a5a76
nghttpx: Fix typo
2017-01-09 22:19:19 +09:00
Tatsuhiro Tsujikawa
0567f1f038
Add constexpr to StringRef(const CharT *, size_t)
2017-01-09 21:15:53 +09:00
Tatsuhiro Tsujikawa
4be5de1163
src: Move log related functions from util.cc to shrpx_log.cc
2017-01-09 19:34:40 +09:00
Tatsuhiro Tsujikawa
9db1c9467c
src: Add constexpr to long_options
2017-01-09 19:28:00 +09:00
Tatsuhiro Tsujikawa
3444b42d44
src: Add more constexpr
2017-01-09 17:17:48 +09:00
Tatsuhiro Tsujikawa
6595ae26ea
src: Add constexpr to const objects
2017-01-09 17:11:37 +09:00
Tatsuhiro Tsujikawa
7e1a0d204b
h2load: Show default cipher list in -h
2017-01-09 14:47:32 +09:00
Tatsuhiro Tsujikawa
cbca2e35b5
nghttpx: Show default cipher list in -h
2017-01-09 14:43:13 +09:00
Tatsuhiro Tsujikawa
fc9bdf024f
src: Make DEFAULT_CIPHER_LIST constexpr char[]
2017-01-09 14:42:40 +09:00
Tatsuhiro Tsujikawa
4fa150c494
nghttpx: Use Memchunk based read buffer for frontend connection
...
Previously, we have dedicated read buffer for each frontend
connection. With this commit, the buffer spaces are only used when
needed, and pooled if they are not used. This reduces memory usage
for idle client connections.
2017-01-08 23:20:14 +09:00
Tatsuhiro Tsujikawa
e8b2508036
nghttpx: Rename confusing names in HttpDownstreamConnection
2017-01-08 23:09:00 +09:00
Tatsuhiro Tsujikawa
ac399e41ac
nghttpx: Update doc
...
Mention client-ciphers, and no-http2-cipher-black-list options in
psk-secrets and client-psk-secrets options.
2017-01-08 23:04:07 +09:00
Tatsuhiro Tsujikawa
9c7e54d9b5
nghttpx: Add client-ciphers option
...
Previously, ciphers option sets cipher list for both frontend and
backend TLS connections. With this commit, ciphers option only sets
cipher list for frontend connections. The new client-ciphers option
sets cipher list for backend connection.
2017-01-08 22:40:58 +09:00
Tatsuhiro Tsujikawa
3c03024881
nghttpx: Add client-no-http2-cipher-black-list option
...
This commit adds client-no-http2-cipher-black-list option to disable
enforcement of HTTP/2 cipher black list on backend HTTP/2 connection.
Previously, existing no-http2-cipher-black-list option disables it for
both frontend and backend connections. Now no-http2-cipher-black-list
option only disables it for frontend connection.
2017-01-08 22:33:19 +09:00
Tatsuhiro Tsujikawa
36dfc0a56a
nghttpx: Reorganize client side TLS configuration
2017-01-08 22:25:30 +09:00
Tatsuhiro Tsujikawa
55bf6cdb15
Merge branch 'nghttpx-psk'
2017-01-08 21:10:07 +09:00
Tatsuhiro Tsujikawa
0abc220013
nghttpx: Fix the bug that no-http2-cipher-black-list does not work
...
Because of the redundant check in backend HTTP/2 session,
no-http2-cipher-black-list does not work on backend HTTP/2 connection.
This commit fixes it.
2017-01-08 19:43:24 +09:00
Tatsuhiro Tsujikawa
c28900990a
h2load: Show custom server temp key such as X25519
2017-01-08 17:58:19 +09:00
Tatsuhiro Tsujikawa
5108193d7b
h2load: Fix incorrect return value from spdylay_send_callback
2017-01-08 17:32:35 +09:00
Tatsuhiro Tsujikawa
79a24f5dd9
nghttpx: Add --client-psk-secret option to enable PSK in backend
2017-01-08 00:35:55 +09:00
Tatsuhiro Tsujikawa
83c759572c
nghttpx: Add --psk-secret option to enable PSK in frontend connection
2017-01-08 00:35:54 +09:00
Tatsuhiro Tsujikawa
1a07fb000b
nghttpx: Enable SCT with OpenSSL 1.1.0
2017-01-06 21:29:04 +09:00
Tatsuhiro Tsujikawa
b064d8a9ff
Merge branch 'nghttpx-fronend-proxyproto'
2017-01-03 17:28:20 +09:00
Tatsuhiro Tsujikawa
c6827a7dac
nghttpx: Fix assertion error in libev ev_io_start
2017-01-03 16:43:49 +09:00
Tatsuhiro Tsujikawa
55ecb082ee
nghttpx: Handle c-ares success without result
2017-01-03 14:35:05 +09:00
Tatsuhiro Tsujikawa
b313386988
nghttpx: Add proxyproto to frontend option to accept PROXY protocol
...
Previously, global accept-proxy-protocol option enables PROXY protocol
support for all frontend listeners, but this was inflexible. To fix
this issue, accept-proxy-protocol option is now deprecated, and
instead proxyproto parameter in frontend option enables PROXY protocol
support per frontend.
2017-01-03 12:47:03 +09:00
Tatsuhiro Tsujikawa
3933280d29
src: Fix assertion error with boringssl
...
boringssl says:
/* It is an error to clear any bits that have already been set. (We can't try
* to get a second close_notify or send two.) */
assert((SSL_get_shutdown(ssl) & mode) == SSL_get_shutdown(ssl));
2017-01-02 11:48:38 +09:00
Tatsuhiro Tsujikawa
d1ba43a69f
nghttpx: Fix bug that DNS timeout was erroneously disabled
2016-12-30 11:09:02 +09:00
Tatsuhiro Tsujikawa
a0779edec4
nghttpx: Fix bug that DNS timeout was ignored
2016-12-30 11:08:26 +09:00
Tatsuhiro Tsujikawa
25df164219
nghttpx: Don't write again after failure
...
Plain write(2) is OK, but SSL_write requires same arguments on retry.
It would be better to avoid calling them again.
2016-12-26 00:35:38 +09:00
Tatsuhiro Tsujikawa
bcfa333322
nghttpx: Refactor h1 backend retry code
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
c4aeadd57d
nghttpx: Retry h1 backend request if first write fails
2016-12-25 22:19:51 +09:00
Tatsuhiro Tsujikawa
e6b4454e48
Merge branch 'nghttpx-better-early-final-response-handling'
2016-12-24 23:02:52 +09:00
Tatsuhiro Tsujikawa
3226d21609
Merge pull request #755 from nghttp2/nghttpx-h1-frontend-keep-alive-timeout
...
nghttpx: Add frontend-keep-alive-timeout option
2016-12-24 23:01:17 +09:00
Tatsuhiro Tsujikawa
3d20c2dce6
nghttpx: Feed read event rather than calling on_read
...
on_read may fail, but we failed to check its return value most of the
places. This is because failure means deletion of ClientHandler, but
because of architecture, we cannot delete it. Feeding read event is
better since we can move call on_read from libev callback. We can
delete ClientHandler form there.
2016-12-24 22:57:59 +09:00
Tatsuhiro Tsujikawa
cd83d70e7b
nghttpx: Don't reset stream if we have already received response
2016-12-24 22:54:22 +09:00
Tatsuhiro Tsujikawa
a0ce5ea9ab
nghttpx: Keep reading after backend write failed
...
Because of bidirectional nature of TCP, we may fail write(2), but have
still pending read in TCP buffer, which may contain response body. To
forward them, we should keep reading until get EOF from backend.
To avoid stalling HTTP/1 upload when request buffer is full, and we
have received complete response from backend, drop connection in that
case.
2016-12-24 22:50:02 +09:00
Tatsuhiro Tsujikawa
3c600c103f
nghttpx: Add frontend-keep-alive-timeout option
2016-12-23 11:01:29 +09:00
Tatsuhiro Tsujikawa
841ac75c3e
nghttpx: Clarify that backend-keep-alive-timeout applies to h1 only
2016-12-23 10:49:39 +09:00
Tatsuhiro Tsujikawa
359730af54
Fix regression in ff64f64e1d
2016-12-21 23:19:10 +09:00
Tatsuhiro Tsujikawa
049e064e28
nghttpx: New error log format
...
To debug multi threaded configuration easier, we added current PID and
thread ID to error log. Previously, we didn't add date and time if
log level is NOTICE. In this change, we always write date and time
regardless of log level.
2016-12-20 23:13:19 +09:00
Tatsuhiro Tsujikawa
0463928a1e
nghttpx: Fix uninitialized errors found by coverity scan
2016-12-18 22:16:52 +09:00
Tatsuhiro Tsujikawa
02d34c8c4c
nghttpx: Fix dead code found by coverity scan
2016-12-18 22:14:26 +09:00
Tatsuhiro Tsujikawa
cab0a76795
Use pkg-config to detect libxml2
2016-12-18 00:20:30 +09:00
Tatsuhiro Tsujikawa
22bd9fb530
nghttpx: Set DNS cache expire date for error and ok statuses only
2016-12-11 11:49:24 +09:00
Tatsuhiro Tsujikawa
c487cd888f
nghttpx: Periodically remove expired DNS cache entries
2016-12-11 10:42:54 +09:00
Tatsuhiro Tsujikawa
fd403a85c8
nghttpx: Just return DNS_STATUS_ERROR
...
At the moment, we use both resolvers, and if either one is not
DNS_STATUS_IDLE, the other one is also not DNS_STATUS_IDLE. This may
change if we are going to configure DNS so that either A or AAAA
lookup is done. In that case, it is better to just return
DNS_STATUS_ERROR in the diff. This is because the calling side does
not expect DNS_STATUS_IDLE in that case.
2016-12-11 10:39:19 +09:00
Tatsuhiro Tsujikawa
a06a8c36a4
nghttpx: Add --dns-lookup-timeout and --dns-max-try options
2016-12-11 00:50:16 +09:00
Tatsuhiro Tsujikawa
0967ee9cb9
nghttpx: Better logging for DNS resolver
2016-12-10 23:10:18 +09:00
Tatsuhiro Tsujikawa
d66d34f9b9
Add libc-ares detection to cmake
2016-12-10 22:40:18 +09:00
Tatsuhiro Tsujikawa
264a98d106
nghttpx: Call c-ares initialization/cleanup functions
2016-12-10 21:41:03 +09:00
Tatsuhiro Tsujikawa
d66377d4b6
nghttpx: Add dns-cache-timeout option
...
This option controls how long cached DNS entries remain valid.
2016-12-10 21:09:51 +09:00
Tatsuhiro Tsujikawa
38b5cad4e3
nghttpx: Lookup backend host name dynamically
...
We have added "dns" parameter to backend option. If specified, name
lookup is done dynamically. If not, name lookup is done at start up,
or configuration reloading. nghttpx caches DNS result including error
case in 30 seconds in this commit. Later commit makes this
configurable.
DNS resolution is done asynchronously using c-ares library.
2016-12-10 21:09:50 +09:00
Tatsuhiro Tsujikawa
b6a9cf9ffa
nghttpx: Accept and ignore content-length: 0 in 204 response for now
2016-12-03 14:57:48 +09:00
Tatsuhiro Tsujikawa
85ba33c08f
nghttpx: Wait for child process to exit
...
Normally, we don't have wait for child process to exit, since init can
take care of them. But in containerized environment, pid 0 init might
not be available, and defunct processes can be piled up. This commit
ensures that OCSP and neverbleed processes are waited for before
worker process exits.
2016-11-30 22:59:02 +09:00
Tatsuhiro Tsujikawa
ff64f64e1d
nghttpx: Faster HTTP/1 frontend
2016-11-29 20:42:27 +09:00
Tatsuhiro Tsujikawa
2ff31bdd2b
nghttpx: Remove redundant check
2016-11-26 22:34:24 +09:00
Tatsuhiro Tsujikawa
2fa3d34af1
nghttpx: Use Connection::again_rt() in MemcachedConnection
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
fa3452ec68
nghttpx: Use Connection::again_rt() in LiveCheck
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
7451f2f212
nghttpx: Fix frequent crash with --backend-http-proxy-uri
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
e9ab75a386
nghttpx: Robust backend read timeout
2016-11-26 19:45:23 +09:00
Tatsuhiro Tsujikawa
d83949bc88
asio: server: Call on_close callback on connection close
2016-11-21 22:43:23 +09:00
Tatsuhiro Tsujikawa
50f42a80c9
nghttpx: Fix bug that mishandles response header from h1 backend
2016-11-18 22:33:29 +09:00
Tatsuhiro Tsujikawa
2b75aff32e
nghttpx: Fix bug that zero-length POST is not forwarded
2016-11-11 00:48:32 +09:00
Tatsuhiro Tsujikawa
f4474d57ec
nghttpx: Fix compile error with gcc
2016-11-07 23:11:52 +09:00
Tatsuhiro Tsujikawa
8471c9e92e
nghttpx: Parse te header field a bit more properly
2016-11-07 22:47:48 +09:00
Tatsuhiro Tsujikawa
f5a4c9d971
nghttpx: Don't copy non-final nva since they are backed by Downstream
2016-11-04 22:06:01 +09:00
Tatsuhiro Tsujikawa
a0dd8918eb
nghttpx: Don't mutate *_key_prev_ in add_header
2016-11-04 22:04:42 +09:00
Tatsuhiro Tsujikawa
baa9b1cac0
nghttpx: Remove optional reason-phrase from SPDY :status
2016-11-04 21:16:45 +09:00
Tatsuhiro Tsujikawa
38443d2195
nghttpx: Small optimization
2016-11-04 21:13:22 +09:00
Tatsuhiro Tsujikawa
208d71561a
src: Add missing mandatory SP after status code
2016-11-04 02:19:37 +09:00
Tatsuhiro Tsujikawa
25fbc7b435
nghttpx: Reset flags as well
2016-11-04 02:00:50 +09:00
Tatsuhiro Tsujikawa
6bd95d885d
Merge pull request #723 from nghttp2/strict-http-framing
...
Strict http framing
2016-11-03 23:30:38 +09:00
Tatsuhiro Tsujikawa
6bcdb178a5
nghttpx: Header key and value must be string in mruby script
2016-11-03 22:58:45 +09:00
Tatsuhiro Tsujikawa
5e10cc4cad
nghttpx: Use gc save/restore around downcase method
2016-11-03 22:47:52 +09:00
Tatsuhiro Tsujikawa
95e6c875f0
nghttpx: Use mrb_ary_ref instead of mrb_ary_entry
2016-11-03 22:44:42 +09:00
Tatsuhiro Tsujikawa
6eb2829ee8
nghttpx: Strip content-length with 204 or 200 to CONNECT in mruby
2016-11-03 22:25:15 +09:00
Tatsuhiro Tsujikawa
e082b7be72
nghttpx: Strict handling for Content-Length or Transfer-Encoding in h1
...
We now treat Content-Length or Transfer-Encoding as error if they come
with 204 or 1xx status code, or 200 to a CONNECT request in HTTP/1
response.
2016-11-03 17:00:05 +09:00
Tatsuhiro Tsujikawa
da01d8dedb
nghttpx: Delete outdated comment
2016-11-03 16:48:24 +09:00
dalf
d448eb54f9
Fix compilation with BoringSSL
2016-10-27 10:00:52 +00:00
Tatsuhiro Tsujikawa
46d1e6bb55
nghttpx: Increase block size of connection wide allocator to 512
2016-10-24 21:06:37 +09:00
Tatsuhiro Tsujikawa
3a831fa95c
nghttpx: Fix file descriptor leak in read_tls_sct_from_dir
2016-10-24 20:30:30 +09:00
Tatsuhiro Tsujikawa
5b9cacc2d7
nghttpx: Discard iaddrs early
2016-10-23 19:55:58 +09:00
Tatsuhiro Tsujikawa
10a84f3e3d
nghttpx: Rename errbuf for neverbleed as nb_errbuf for clarification
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
c42715ed6a
nghttpx: Fix compile error with --disable-threads
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
177d51ddab
nghttpx: Use thread_local if it is available
2016-10-23 19:26:22 +09:00
Tatsuhiro Tsujikawa
6c882e1ece
asio: Avoid repeated call of io_service::post
2016-10-20 22:12:31 +09:00
Tatsuhiro Tsujikawa
f09c5c4bf9
xsi_strerror: Use stddef.h so that we can use size_t
2016-10-19 23:50:28 +09:00
Tatsuhiro Tsujikawa
08a9a2eca9
asio: Fix bug when end() is called outside nghttp2 callback
2016-10-19 23:17:43 +09:00
Tatsuhiro Tsujikawa
19f1785cde
nghttpx: Avoid extra allocation on look up host key
2016-10-18 22:19:53 +09:00
Tatsuhiro Tsujikawa
8b64e7b4e1
src: Add XSI-compliant version strerror_r
2016-10-16 22:47:56 +09:00
Tatsuhiro Tsujikawa
3de2654223
src: Add noexcept to move constructor and assignment operator
2016-10-15 18:51:22 +09:00
Tatsuhiro Tsujikawa
0cf6848646
clang-format-3.9
2016-10-15 18:36:04 +09:00
Tatsuhiro Tsujikawa
1a37044d3c
nghttpx: Use pre-allocated buffer for timestamp string
2016-10-11 22:32:26 +09:00
Tatsuhiro Tsujikawa
00a8c378d4
nghttpx: Add --backend-connect-timeout option
2016-10-10 22:50:41 +09:00
Tatsuhiro Tsujikawa
7549341081
Fix typo
2016-10-10 15:35:12 +09:00
Tatsuhiro Tsujikawa
5db8473f12
Fix build error with OpenSSL < 1.0.2 (again)
2016-10-09 19:34:32 +09:00
Tatsuhiro Tsujikawa
00b89f10bd
Fix build error with OpenSSL < 1.0.2
2016-10-09 18:54:18 +09:00
Tatsuhiro Tsujikawa
412c8f9e67
nghttpx: Add TLS signed_certificate_timestamp extension support
2016-10-09 18:43:36 +09:00
Tatsuhiro Tsujikawa
2795da840c
nghttpx: Apply timeout for incoming header block
2016-10-09 17:18:43 +09:00
Tatsuhiro Tsujikawa
175c7886ea
nghttpx: Update doc
2016-10-09 17:18:29 +09:00
Tatsuhiro Tsujikawa
4a4b2cf538
nghttpx: Embed Process into OCSPUpdateContext
2016-10-08 15:26:13 +09:00
Tatsuhiro Tsujikawa
2c2188c09d
nghttpx: Refactor ocsp command execution
...
We have now generic read-only command execution in shrpx_exec.{h,cc}.
2016-10-08 15:22:11 +09:00
Tatsuhiro Tsujikawa
cdb1d6b462
nghttpx: Add P-384 and P-521 to the default of --ecdh-curves option
2016-10-08 11:44:03 +09:00
Tatsuhiro Tsujikawa
1b4ccd0d51
nghttpx: Don't call get_config() repeatedly
2016-10-08 11:37:18 +09:00
Tatsuhiro Tsujikawa
8babaac8c3
nghttpx: Add --ecdh-curves option to specify list of named curves
...
This option requires OpenSSL >= 1.0.2. With OpenSSL 1.0.2, the
default value is "P-256". With OpenSSL 1.1.0 or later, the default
value is "X25519:P-256".
2016-10-08 10:50:56 +09:00
Tatsuhiro Tsujikawa
d1624d6929
h2load: Format default value of header table size with unit
2016-10-06 23:16:30 +09:00
Tatsuhiro Tsujikawa
e4472b5aec
h2load: Add --header-table-size and --encoder-header-table-size options
2016-10-06 22:26:31 +09:00
Tatsuhiro Tsujikawa
9439ba75d3
nghttpx: Fix heap-use-after-free when executing new binary
2016-10-04 00:32:02 +09:00
Tatsuhiro Tsujikawa
9254c563ca
Fix compile error with gcc
2016-10-03 22:52:14 +09:00
Tatsuhiro Tsujikawa
96ff3be5e6
nghttpx: Use allocator of new config since this may happen multiple times
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
3d5d76ba74
nghttpx: Update doc
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
8c1e155f44
nghttpx: Make it simple to calculate length
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
dba0d2791c
nghttpx: Use emplace_back instead of push_back
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
f310e82fc8
nghttpx: Update doc
2016-10-03 22:09:46 +09:00
Tatsuhiro Tsujikawa
1240e55bb6
nghttpx: Use const ref
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
75039c573c
base64: Assert that input is multiple of 4
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
4b5179a544
nghttpx: Fix bug in util::make_hostport
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
8efccddcf4
nghttpx: Use StringRef for HttpProxy
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
97843e3874
nghttpx: Use StringRef for tls_proto_list
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
5dd2704051
nghttpx: Use StringRef for tls.npn_list
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
de7b7fd440
nghttpx: Use StringRef for tls.subcerts
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
1037d3ad26
nghttpx: Use StringRef for tls.ticket.files
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
c4368a9416
nghttpx: Use StringRef for AltSvc fields
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
fdc1eb526b
nghttpx: Use HeaderRefs for add_request_headers and add_response_headers
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
99a91e3172
nghttpx: Add BlockAllocator to Config object
2016-10-03 22:09:45 +09:00
Tatsuhiro Tsujikawa
272cfa320e
nghttpx: Use BlockAllocator per DownstreamConfig
2016-10-02 22:28:43 +09:00
Tatsuhiro Tsujikawa
f5285d1f5a
nghttpx: Add BlockAllocator to SharedDownstreamAddr
2016-10-02 22:28:43 +09:00
Tatsuhiro Tsujikawa
ede6104900
nghttpx: Increase block size for connection wide BlockAllocator
2016-10-02 22:28:43 +09:00
Tatsuhiro Tsujikawa
5aec60fbeb
nghtpx: Add BlockAllocator version of base64
2016-10-02 22:28:43 +09:00
Tatsuhiro Tsujikawa
e1a865c406
nghttpx: Add BlockAllocator version of util::formax_hex
2016-10-02 22:28:42 +09:00
Tatsuhiro Tsujikawa
5e03b6a0db
nghttpx: Use BlockAllocator for util::quote_string
2016-10-02 00:07:26 +09:00
Tatsuhiro Tsujikawa
b85924bf70
nghttpx: Use BlockAllocator to encode alt-svc token
2016-10-02 00:00:46 +09:00
Tatsuhiro Tsujikawa
19707aac55
nghttpx: Use StringRef for sni_name_
2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa
9ad873fc06
nghttpx: Remove unused function declaration
2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa
8a9810ed32
nghttpx: Add BlockAllocator to ClientHandler
2016-10-01 22:54:17 +09:00
Tatsuhiro Tsujikawa
68a6d8c50b
nghttpx: Realloc header buffer
2016-10-01 22:52:02 +09:00
Tatsuhiro Tsujikawa
600605400c
nghttpx: Don't send RST_STREAM CANCEL to a pushed stream repeatedly
2016-09-27 23:49:01 +09:00
Tatsuhiro Tsujikawa
69b53b9aaa
nghttpx: Handle graceful shutdown with client IP affinity enabled
2016-09-22 23:17:49 +09:00
Tatsuhiro Tsujikawa
231d739b10
nghttpx: Improve performance with h1 backend when request body is involved
2016-09-22 20:46:50 +09:00
Tatsuhiro Tsujikawa
e1dfff8929
Use std::atomic_* overloads for std::shared_ptr if available
2016-09-20 22:39:01 +09:00
Tatsuhiro Tsujikawa
db1716ae93
Fix -Wexpansion-to-defined warning with clang-3.9
...
The error message was:
warning: macro expansion producing 'defined' has undefined
behavior [-Wexpansion-to-defined]
http://lists.llvm.org/pipermail/cfe-commits/Week-of-Mon-20160118/147239.html
2016-09-19 22:07:03 +09:00
Tatsuhiro Tsujikawa
03ba399176
nghttpx: Update doc
2016-09-17 22:38:06 +09:00
Tatsuhiro Tsujikawa
751d66a397
nghttpd: Check maximum value of -c option
2016-09-17 22:38:05 +09:00
Tatsuhiro Tsujikawa
3ec71bf5a2
nghttpd: Add --encoder-header-table-size option
2016-09-17 22:38:05 +09:00
Tatsuhiro Tsujikawa
f19b0724a3
nghttp: Check maximum value of -c option
2016-09-17 22:38:05 +09:00
Tatsuhiro Tsujikawa
a7e0a69f97
nghttp: Add --encoder-header-table-size option
2016-09-17 22:38:05 +09:00
Tatsuhiro Tsujikawa
e532e20491
Merge branch 'master' into set-max-deflate-dynamic-table-size
2016-09-17 22:02:41 +09:00
Tatsuhiro Tsujikawa
3e1cfa8e99
nghttpx: Don't check downstream existence since dconn is one-to-one with it
2016-09-15 22:11:26 +09:00
Tatsuhiro Tsujikawa
a100df9cae
nghttpx: Remove redundant check using get_downstream_stream_id
2016-09-15 22:06:52 +09:00
Tatsuhiro Tsujikawa
56284b1e15
nghttpx: Fix regression introduced in f267e400fa
2016-09-15 22:03:04 +09:00
Tatsuhiro Tsujikawa
f267e400fa
nghttpx: Migrate backend stream to another h2 session on graceful shutdown
2016-09-15 00:53:41 +09:00
Tatsuhiro Tsujikawa
8bac5899cc
nghttpx: Handle h2 backend error per Downstream
...
Previously we wrongly handles stream per connection when h2 backend
failed or closed. If upstream is h2 or spdy, streams which are not
associated to the failed h2 backend are also handled, which is
unnecessary.
2016-09-14 22:18:38 +09:00
Tatsuhiro Tsujikawa
f4016644a9
nghttpx: Add option to specify HPACK encoder/decoder dynamic table size
2016-09-12 22:53:02 +09:00
Tatsuhiro Tsujikawa
d9bc6d04f7
nghttpx: Log client address
2016-09-11 23:30:33 +09:00
Tatsuhiro Tsujikawa
a3a6b91c5f
src: Rename OPENSSL_101_API macro as OPENSSL_1_1_API
2016-09-11 00:38:20 +09:00
Tatsuhiro Tsujikawa
d508a0c72c
nghttpx: Defer validation of request form after mruby handler
2016-09-10 22:09:13 +09:00
Tatsuhiro Tsujikawa
bc31146c1f
nghttpx: Add tls_sni to mruby Nghttpx::Env class
...
tls_sni returns TLS SNI value which client sent in this TLS
connection.
2016-09-10 22:08:34 +09:00
Tatsuhiro Tsujikawa
1ad7d5e366
nghttpx: Fix compile error gcc (again)
2016-09-10 17:13:01 +09:00
Tatsuhiro Tsujikawa
456038e3de
nghttpx: Fix compile error with gcc
2016-09-10 16:51:35 +09:00
Tatsuhiro Tsujikawa
9aa26970be
nghttpx: Comment out TCP logging since it is too verbose
2016-09-10 16:49:15 +09:00
Tatsuhiro Tsujikawa
20c39fa843
nghttpx: Use default connection window size with window size optimization
2016-09-10 16:45:28 +09:00
Tatsuhiro Tsujikawa
f5a2f1da25
nghttpx: Add --frontend-http2-window-size option, and its family
...
We added --frontend-http2-window-size,
--frontend-http2-connection-window-size, --backend-http2-window-size,
and --backend-http2-connection-window-size option to replace existing
*-bits options. The old options are not flexible because they only
specify number of bits. Now we can specify integer value, with
possible g, m, and k unit. The old options are still available for
backend compatibility, but are deprecated.
2016-09-10 16:27:48 +09:00
Tatsuhiro Tsujikawa
27b250ac8e
nghttpx: Add experimental TCP optimization for h2 frontend
2016-09-10 16:27:48 +09:00
Tatsuhiro Tsujikawa
1dabe43ff4
nghttpx: Workaround for std::make_shared bug in Xcode7, 7.1, and 7.2
...
std::make_shared in Xcode 7, 7.1, and 7.2 does not perform
value-initialization, and causes undefined behaviour if struct does
not have user defined default constructor. This workaround explicitly
defines user defined default constructor, and initializes values.
2016-09-04 23:30:24 +09:00
Tatsuhiro Tsujikawa
ded576f423
nghttpx: Fix bug that bytes are doubly counted for TLS connections
2016-09-04 17:28:50 +09:00
Tatsuhiro Tsujikawa
136aae725f
nghttpx: Add --no-server-rewrite option not to rewrite server header field
2016-08-31 23:47:15 +09:00
Tatsuhiro Tsujikawa
99dc31ff1a
nghttpx: Retry if backend h1 connection cannot be established due to timeout
2016-08-30 23:37:49 +09:00
Tatsuhiro Tsujikawa
1064e017c6
nghttpx: Reset stream if invalid header field is received in h2
2016-08-28 00:49:38 +09:00
Tatsuhiro Tsujikawa
6ba1abac6c
src: Only consider openssl 1.1.0 final
2016-08-27 00:45:16 +09:00
Tatsuhiro Tsujikawa
0110d2f9f8
Fix compile error with openssl 1.1.0
2016-08-27 00:02:03 +09:00
Tatsuhiro Tsujikawa
13d3f785bd
Make ImmutableString(const std::string&) explicit
2016-08-26 22:52:08 +09:00
Tatsuhiro Tsujikawa
39c068974d
Make ImmutableString(const char*) explicit
2016-08-26 22:40:59 +09:00
Tatsuhiro Tsujikawa
0d4d1a63d4
nghttpx: Add --server-name option to change server response header field
2016-08-26 22:28:09 +09:00
Tatsuhiro Tsujikawa
4749e66c67
nghttpx: Disallow copying Config
2016-08-25 22:55:12 +09:00
Tatsuhiro Tsujikawa
cf7f87c2ad
nghttpx: Log error code from getsockopt(SO_ERROR) on first write event
2016-08-25 00:25:03 +09:00
Tatsuhiro Tsujikawa
8f47b68a95
nghttpx: Set do_signal_write_ when TLS handshake was completed
2016-08-23 21:36:43 +09:00
Tatsuhiro Tsujikawa
d9139fc286
asio: Fix reserved size
2016-08-22 22:30:25 +09:00
Tatsuhiro Tsujikawa
5f65460944
nghttpx: Don't change pushed stream's priority
...
There is a discussion in httpbis mailing list which argues that
dependency tree is for client, and changing it in server side is not
what client expects.
https://lists.w3.org/Archives/Public/ietf-http-wg/2016JulSep/0416.html
Currently, we make pushed stream depend on the parent stream of
associated stream (that is main HTML in most of the cases), so that
associated stream and pushed stream become siblings. In this case, we
also observed that these resources complete each other to get its
parent weight. This means that the delivery of associated stream is
delayed by pushed streams.
So at this moment, it is not a good idea to change pushed stream
priority in a way we do currently.
2016-08-20 22:09:18 +09:00
Tatsuhiro Tsujikawa
41b2745dad
nghttpx: Log backend connection failure in WARN level
2016-08-19 16:25:05 +09:00
Tatsuhiro Tsujikawa
30f9f9ef87
nghttpx: Guard with LOG_ENABLED(INFO)
2016-08-19 16:24:48 +09:00
Tatsuhiro Tsujikawa
4807e71b7d
nghttpx: Fix bug that api and healthmon params do not work with http2 proxy
2016-08-18 22:31:53 +09:00
Tatsuhiro Tsujikawa
b8883101d3
deflatehd: Call nghttp2_hd_deflate_change_table_size only if table size is changed from default
2016-08-18 17:19:24 +09:00
Tatsuhiro Tsujikawa
8df2c357d9
nghttp: Adjust weight according to Firefox stable
2016-08-11 21:59:34 +09:00
Tatsuhiro Tsujikawa
ad3d43b8be
nghttpx: Add access log variable for backend host and port
...
Use $backend_host and $backend_port. $backend_host is backend host
name given in --backend option. It could be a path to UNIX domain
socket.
2016-08-05 00:04:47 +09:00
Tatsuhiro Tsujikawa
210a5c4f01
nghttpx: Use copy instead of const reference of backend group
2016-08-04 23:11:45 +09:00
Tatsuhiro Tsujikawa
54f640f3e1
nghttpx: Update doc
2016-07-31 20:50:07 +09:00
Tatsuhiro Tsujikawa
e2906025c8
nghttpx: Don't exit from save_pid and set_alpn_prefs
2016-07-31 20:35:10 +09:00
Tatsuhiro Tsujikawa
9a8e9815c9
nghttpx: Cleanup
2016-07-31 20:26:03 +09:00
Tatsuhiro Tsujikawa
8c3e864989
nghttpx: Define ~Config for automatic clean up with std::unique_ptr
...
Now config global is backed with std::unique_ptr. configuration
swapping dance is now a bit cleaner, but YMMV.
2016-07-31 19:01:29 +09:00
Tatsuhiro Tsujikawa
22570b7260
nghttpx: Close fd when error occurred in reload operation
...
This commit also fixes the bug that old configuration is still used
for worker process. The another bug fix is that inherited, but not
used fd is not closed in worker process. That makes reloading next
configuration fail if it contains the address which are leaked into
worker process.
2016-07-31 18:47:03 +09:00
Tatsuhiro Tsujikawa
fb49182c29
nghttpx: Move original_argv, argv, argc, and cmdcfgs to StartupConfig
2016-07-31 16:34:55 +09:00
Tatsuhiro Tsujikawa
b9b648e0ed
nghttpx: Remove last_worker_pid from Config
...
The last_worker_pid is known by inspecting the last entry of
worker_processes.
2016-07-31 16:20:00 +09:00
Tatsuhiro Tsujikawa
494775a25d
nghttpx: Rename SignalServer with WorkerProcess
2016-07-31 16:16:23 +09:00
Tatsuhiro Tsujikawa
1214f9e23b
nghttpx: Reload configuration with SIGHUP
...
This commit implements configuration reloading with SIGHUP.
There are rough edges left:
* Rename SignalServer with more meaningful name, say, WorkerProcess.
* We should introduce global configuration object which is not
affected by configuration reloading. It should hold cmdcfgs, argc,
argv, and last worker PID.
* We should close the listener file descriptor when some operation was
failed after that.
2016-07-31 15:57:41 +09:00
Tatsuhiro Tsujikawa
a54cda22ab
nghttpx: Do creation of InheritedAddr in a dedicated function for reuse
2016-07-31 00:35:15 +09:00
Tatsuhiro Tsujikawa
af5b354685
nghttp: next_weight_idx is enough to be an local variable
2016-07-29 19:36:05 +09:00
Tatsuhiro Tsujikawa
3c1c2c4aad
nghttp: Allow multiple -p option
...
The N-th -p options sets N-th URI's weight. If the number of -p is
less than the number of URIs, the last -p value is repeated. If no -p
is set, use default weight, 16.
2016-07-27 05:10:27 +09:00
Tatsuhiro Tsujikawa
33153010c5
nghttpx: Retry memcached connection
...
Previously, we didn't retry request on connection failure. Sometimes
we hit the edge case where connection is about to lost just when we
write request. To avoid this situation, we now retry request to
failed attempt. We also add ConnectBlocker to MemcachedConnection not
to attempt to connect to memcached if connection could not be made
previously.
2016-07-08 23:41:53 +09:00
Tatsuhiro Tsujikawa
30f26a2b9d
nghttpx: Explicitly cast to uint32_t for hash calculation
2016-07-06 23:58:53 +09:00
Tatsuhiro Tsujikawa
2bbe4422d2
nghttpx: Use consistent hashing for client IP based session affinity
...
We use technique described in https://github.com/RJ/ketama
2016-07-06 23:31:10 +09:00
Tomasz Buchert
5d3535126e
Fix FTBFS on armel by explicitly including the <mutex> header.
2016-07-05 00:04:23 +09:00
Tatsuhiro Tsujikawa
fd7d3c57d7
nghttpx: Use faster version of power
...
In our use case, x and y is quite small, and there is no chance for
overflow, and y is always integer.
2016-06-27 22:42:28 +09:00
Tatsuhiro Tsujikawa
179561e4be
nghttpx: Cast to double to fix build with gcc 4.8 on Solaris 11
2016-06-27 22:33:25 +09:00
Tatsuhiro Tsujikawa
903e0077aa
nghttpx: Fix build error with libressl
2016-06-27 22:29:07 +09:00
Tatsuhiro Tsujikawa
6fd4dd99da
nghttpx: Update doc
2016-06-26 22:33:17 +09:00
Tatsuhiro Tsujikawa
65095c448d
nghttpx: Fix compile error with gcc -Werror=comment
2016-06-25 23:57:40 +09:00
Tatsuhiro Tsujikawa
76e188e368
nghttpx: Fix compile error with gcc
2016-06-25 23:57:26 +09:00
Tatsuhiro Tsujikawa
0613a16c11
nghttpx: Fix compile error without --with-mruby
2016-06-25 23:56:46 +09:00
Tatsuhiro Tsujikawa
aced5b3b6c
nghttpx: Fix memory leak from CertLookupTree
2016-06-25 23:47:22 +09:00
Tatsuhiro Tsujikawa
97d8bb16e6
nghttpx: Update doc
2016-06-25 23:37:29 +09:00
Tatsuhiro Tsujikawa
3e14f0d8a5
nghttpx: Fix compile error with openssl 1.0.1
...
openssl lacks SSL_CTX_get0_certificates().
2016-06-25 23:35:37 +09:00
Tatsuhiro Tsujikawa
f7c0d48152
nghttpx: Rewrite CertLookupTree using Router
2016-06-25 22:52:01 +09:00
Tatsuhiro Tsujikawa
2a4733857f
nghttpx: Reduce TTFB with large number of incoming connections
...
To reduce TTFB with large number of incoming connections, we now
intentionally accept one connection at a time, so that it does not
delay the TTFB of the existing connection. This is significant
especially for TLS connections.
2016-06-25 11:50:33 +09:00
Tatsuhiro Tsujikawa
3c1efeff55
nghttpx: Don't reset read timer on write in LiveCheck
2016-06-24 22:25:43 +09:00
Tatsuhiro Tsujikawa
532f801fbd
nghttpx: Don't reset read timer on write in memcached connection
2016-06-24 00:11:29 +09:00
Tatsuhiro Tsujikawa
cbced219ec
nghttpx: Rewrite read timer handling
...
For HTTP/2, read timer starts when there is no downstream, and timer
stops when there is at least one downstream. For HTTP/1, read timer
starts when request handling finished, and timer stops when request
handling starts.
2016-06-24 00:04:39 +09:00
Tatsuhiro Tsujikawa
66ca8272ca
nghttpx: Clean up neverbleed AF_UNIX socket
2016-06-23 23:04:47 +09:00
Tatsuhiro Tsujikawa
aa16412850
nghttpx: Add --backend-max-backoff option
2016-06-22 00:13:43 +09:00
Tatsuhiro Tsujikawa
e2bdf1d734
nghttpx: Enforce the fact that api and healthmon are mutually exclusive
2016-06-21 22:44:26 +09:00
Tatsuhiro Tsujikawa
123752a032
nghttpx: Handle error from push_upload_data and end_upload_data
...
We have to gracefully handle the case where response ends before
request body is fully received.
2016-06-17 22:32:15 +09:00
Tatsuhiro Tsujikawa
ec5e438a7c
nghttpx: Make backend fail with TLS handshake failure, including ALPN mismatch
2016-06-17 00:53:38 +09:00
Tatsuhiro Tsujikawa
c0b6b9a282
nghttpx: Use 16KiB buffer for reading to match TLS record size
2016-06-17 00:50:40 +09:00
Tatsuhiro Tsujikawa
fa8bccbae2
nghttpx: Move api enabled to APIConfig
2016-06-17 00:09:15 +09:00
Tatsuhiro Tsujikawa
56e7cd4be2
nghttpx: Add healthmon parameter to -f option to enable health monitor mode
2016-06-17 00:00:37 +09:00
Tatsuhiro Tsujikawa
af9662f971
nghttpx: Make API processing one of alternative mode
2016-06-16 23:30:35 +09:00
Tatsuhiro Tsujikawa
af4e262d47
nghttpx: Use AI_NUMERICSERV
2016-06-16 23:06:17 +09:00
Tatsuhiro Tsujikawa
96218a1078
nghttpx: Fast backend replacement on multi thread environment
2016-06-16 23:04:06 +09:00
Tatsuhiro Tsujikawa
50c9c3358a
nghttpx: Silence logging
2016-06-16 22:12:42 +09:00
Tatsuhiro Tsujikawa
6f025619de
nghttpx: Use dedicated worker for API processing
...
Some API processing is very slow (e.g., getaddrinfo). To avoid to
slow down regular request handling, if multi threaded configuration is
enabled, we allocate dedicated worker for API.
2016-06-16 21:22:36 +09:00
Tatsuhiro Tsujikawa
7e31340045
nghttpx: Receive reference of std::mt19937, not making a copy
2016-06-16 21:11:39 +09:00
Tatsuhiro Tsujikawa
cddb411495
nghttpx: Fix bug that backend never return to online
2016-06-16 00:57:26 +09:00
Tatsuhiro Tsujikawa
92572203e7
nghttpx: Fix stack buffer overflow with API call
2016-06-16 00:39:11 +09:00
Tatsuhiro Tsujikawa
d48d399fb3
nghttpx: Allow query in API endpoint
2016-06-13 22:11:26 +09:00
Tatsuhiro Tsujikawa
81bfb84b32
nghttpx: Rename backend/replace API as backendconfig
2016-06-13 21:17:53 +09:00
Tatsuhiro Tsujikawa
11bca9a98a
h2load: Document the behaviour when -d is used with HTTP/1.1 connection
2016-06-12 18:56:32 +09:00
Tatsuhiro Tsujikawa
2868370f9e
h2load: http1: Send header + body in one packet
2016-06-12 18:54:06 +09:00
Tatsuhiro Tsujikawa
9f6c947a87
h2load: Use memchunks
2016-06-12 18:50:52 +09:00
Tatsuhiro Tsujikawa
1a2dc1e822
h2load: Add content-length header field for HTTP/2 and SPDY as well
2016-06-12 17:52:47 +09:00
Tatsuhiro Tsujikawa
7469139dda
h2load: Implement HTTP/1 upload
...
h2load has supported uploading a file quite a while, but it turns out
that it worked with HTTP/2 and SPDY only. HTTP/1 with upload did not
work. This commit fixes this bug, and implement HTTP/1 upload. Due
to architectural limitation of h2load, when -d option is used, the
number of in-flight pipe-lined requests is set to 1.
2016-06-12 17:42:12 +09:00
Tatsuhiro Tsujikawa
c06e8c89ff
nghttpx: Use BlockAllocator in match_downstream_addr_group
2016-06-11 18:41:43 +09:00
Tatsuhiro Tsujikawa
a809da68a3
nghttpx: Aggregate router configuration into one struct
2016-06-11 18:25:38 +09:00
Tatsuhiro Tsujikawa
084206bace
nghttpx: Handle edge case wildcard pattern and add tests
...
Suppose the wildcard patterns follows:
- *.nghttp2.org/foo
- *.img.nghttp2.org/bar
Previously, s.img.nghttp2.org/foo does not match anything. Now it
matches first pattern.
2016-06-11 13:33:59 +09:00
Tatsuhiro Tsujikawa
288449b9bc
nghttpx: Rewrite wildcard router
2016-06-10 23:43:44 +09:00
Tatsuhiro Tsujikawa
38f4f50e93
nghttpx: Erase wildcard patterns with http2 proxy enabled
2016-06-09 23:32:27 +09:00
Tatsuhiro Tsujikawa
f9897f8ccd
nghttpx: Fix bugs and crash when affinity is enabled
2016-06-09 23:17:41 +09:00
Tatsuhiro Tsujikawa
143d0b69b7
nghttpx: Implement client IP based session affinity
2016-06-09 22:35:59 +09:00
Tatsuhiro Tsujikawa
ac97c122d4
nghttpx: Fix memory leak
2016-06-06 00:16:25 +09:00
Tatsuhiro Tsujikawa
3cd0b87685
nghttpx: Make API endpoint work with SPDY
2016-06-05 23:35:30 +09:00
Tatsuhiro Tsujikawa
2867f03861
nghttpx: Close TODO comments
2016-06-05 23:02:50 +09:00
Tatsuhiro Tsujikawa
708c99c052
nghttpx: Describe api parameter in --frontend option
2016-06-04 18:48:16 +09:00
Tatsuhiro Tsujikawa
d3495405d9
nghttpx: Change API endpoint URI
2016-06-04 18:37:37 +09:00
Tatsuhiro Tsujikawa
aad2a24a22
nghttpx: Use JSON for API resposne body
2016-06-04 18:18:07 +09:00
Tatsuhiro Tsujikawa
27fa9c3c12
nghttpx: Only allow POST and PUT for API request
2016-06-04 17:55:48 +09:00
Tatsuhiro Tsujikawa
92db6820d8
nghttpx: Close API request connection for 400 and 413 response
2016-06-04 17:43:48 +09:00
Tatsuhiro Tsujikawa
851cbd49f4
nghttpx: Only parse backend option for API request for now
2016-06-04 17:43:37 +09:00
Tatsuhiro Tsujikawa
8288f5713b
nghttpx: Add --api-max-request-body option to set maximum API request body size
2016-06-04 17:24:54 +09:00
Tatsuhiro Tsujikawa
951ef0c6d5
nghttpx: Fix typo
2016-06-04 17:23:47 +09:00
Tatsuhiro Tsujikawa
9653ae98a6
nghttpx: Send 100-continue for API request
2016-06-04 17:23:21 +09:00
Tatsuhiro Tsujikawa
d837887af6
nghttpx: Avoid copy
2016-06-04 16:23:50 +09:00
Tatsuhiro Tsujikawa
2a504224de
nghttpx: Rename BlockAllocator::destroy as BlockAllocator::reset
2016-06-04 16:23:31 +09:00
Tatsuhiro Tsujikawa
d0bf247419
nghttpx: Refactor graceful shutdown in Http2Upstream
...
Instead of using bool flag, just stop prepare watcher.
2016-06-04 12:43:17 +09:00
Tatsuhiro Tsujikawa
9237d30e34
nghttpx: Remove flow_control_ from Http2Session
...
This is a legacy of SPDY era where it can disable flow control.
2016-06-04 12:38:39 +09:00
Tatsuhiro Tsujikawa
ef3fa23b2e
nghttpx: Send GOAWAY for retired h2 backend connection
2016-06-04 12:36:22 +09:00
Tatsuhiro Tsujikawa
cb7269f334
nghttpx: Close and disallow h1 backend connection on backend replacement
2016-06-04 12:16:31 +09:00
Tatsuhiro Tsujikawa
0ca7c4cb38
nghttpx: Send notice to replace downstream via ConnectionHandler
2016-06-04 01:02:57 +09:00
Tatsuhiro Tsujikawa
43913838b4
nghttpx: Retain memory in Router
2016-06-03 23:52:44 +09:00
Tatsuhiro Tsujikawa
845aa7a710
nghttpx: Share downstream config object
...
This is the unit of sharing configurations to change
2016-06-03 19:57:43 +09:00
Tatsuhiro Tsujikawa
fe58614b23
nghttpx: Use std::shared_ptr for downstream addresses so that we can swap them
2016-06-03 01:20:49 +09:00
Tatsuhiro Tsujikawa
2fd095d036
nghttpx: Share the code to configure backends
2016-06-03 00:22:55 +09:00
Tatsuhiro Tsujikawa
09150a7927
nghttpx: Pass pointer to Config object to store parsed configurations
2016-06-02 23:59:59 +09:00
Tatsuhiro Tsujikawa
667c8b0e27
nghttpx: Add APIDownstreamConnection to handle API request
...
For those connections via frontend with api parameter, they use solely
APIDownstreamConnection.
In this commit, APIDownstreamConnection just consumes all request
body, and do nothing. The next few commits implements our first API
endpoint: /v1/api/dynamicconfig.
2016-06-02 23:50:56 +09:00
Tatsuhiro Tsujikawa
2a0d0e798b
nghttpx: Add api parameter to --frontend option to mark API endpoint
2016-06-02 23:50:00 +09:00
Tatsuhiro Tsujikawa
3753b47475
src: Fix compiler warnings
2016-05-31 21:26:21 +09:00
Tatsuhiro Tsujikawa
e4dc6cf432
src: Use nghttp2_session_set_local_window_size()
2016-05-29 23:34:38 +09:00
Tatsuhiro Tsujikawa
f68dc02d6b
nghttpx: Remove unused private field from Connection object
2016-05-28 22:46:56 +09:00
Tatsuhiro Tsujikawa
2ca3bf7a7e
nghttpx: Fix bug that timeout on h1 backend makes that backend unavailable
2016-05-28 22:41:24 +09:00
Tatsuhiro Tsujikawa
43b045e84c
nghttpx: Fix compile error with gcc
2016-05-28 19:50:36 +09:00
Tatsuhiro Tsujikawa
852a320586
nghttpx: Cleanup code where request content-length is involved
2016-05-28 16:44:04 +09:00
Tatsuhiro Tsujikawa
81b3e3811b
nghttpx: Fix bug that 503 is returned if backend proto is not mixed
2016-05-26 04:49:36 +00:00
Tatsuhiro Tsujikawa
26eb983cf0
nghttpx: Fix bug that h2 is used while there is no h2 backend
2016-05-26 00:14:11 +09:00
Tatsuhiro Tsujikawa
e0491c2ee8
nghttpx: Refactor protocol selection in backend
2016-05-25 23:07:04 +09:00
Tatsuhiro Tsujikawa
2a4bf9f615
nghttpx: Allow mixed protocol and TLS settings among backends under same pattern
2016-05-24 23:36:43 +09:00
Tatsuhiro Tsujikawa
45f7c17932
nghttpx: Make backend fail if connect attempt is timed out
2016-05-24 21:59:24 +09:00
Tatsuhiro Tsujikawa
f2a1fadda9
nghttpx: Make backend fail if connect operation was timed out
2016-05-24 21:24:30 +09:00
Tatsuhiro Tsujikawa
98396f00ff
nghttpx: Cleane up bit more of save_pid()
2016-05-24 01:32:11 +09:00
Tatsuhiro Tsujikawa
e7d5cfff30
nghttpx: Fix crash introduced in the previous commit
2016-05-24 00:10:53 +09:00
Tatsuhiro Tsujikawa
c308be39de
nghttpx: Write PID in temporary file then rename
...
Write PID in temporary file first. Then rename it as the real
destination. It will avoid the issue that the external process may
read the empty PID file because of race condition.
2016-05-23 22:39:38 +09:00
Tatsuhiro Tsujikawa
65135bc319
nghttpx: Check null just in case
2016-05-22 21:57:24 +09:00
Tatsuhiro Tsujikawa
0fca352114
nghttpx: Make SETTINGS timeout value configurable
...
SETTINGS timeout can be configurable using
--frontend-http2-settings-timeout and
--backend-http2-settings-timeout.
2016-05-21 14:13:57 +09:00
Tatsuhiro Tsujikawa
9a3461e2b6
nghttpx: Use ev_timer_start intead of ev_timer_again for settings_timer_
...
Since we only use it once, we don't have to use ev_timer_again, and
stop timer manually.
2016-05-21 13:48:41 +09:00
Tatsuhiro Tsujikawa
0b9ee38db6
nghttpx: Handle corner case where session is going down just after ACK recved
2016-05-21 13:44:53 +09:00
Tatsuhiro Tsujikawa
a224aba577
nghttpx: No need to check activeness of SETTINGS ACK timer
...
We don't have to check activeness of SETTINGS ACK timer since we only
send SETTINGS frame without ACK only once per session at the moment.
2016-05-21 13:18:22 +09:00
Tatsuhiro Tsujikawa
9f770fec36
nghttpx: Save PID file after it is ready to accept connections
2016-05-21 10:42:09 +09:00
Tatsuhiro Tsujikawa
e6dfd4ff27
nghttpx: Call downstream_failure rather than on_failure in HTTP/1 backend
2016-05-21 10:34:47 +09:00
Tatsuhiro Tsujikawa
e99f3c58f7
nghttpx: Call downstream_failure where it should be
...
Also, we say connection succeeded only when we got SETTINGS ACK from
peer, rather than when we just connected to the peer in TCP or TLS.
2016-05-21 10:30:09 +09:00
Tatsuhiro Tsujikawa
2a3b6c11eb
nghttpx: Don't restart SETTINGS timer, and fix log message in HTTP/2 frontend
2016-05-21 10:29:11 +09:00
Tatsuhiro Tsujikawa
e26d6a2b27
nghttpx: Don't re-enter offline if it is already in offline mode
2016-05-21 10:28:16 +09:00
Tatsuhiro Tsujikawa
dce7288658
nghttpx: Wait for SETTINGS ACK to make sure that backend h2 server is alive
2016-05-21 00:30:54 +09:00
Tatsuhiro Tsujikawa
d1968c4465
nghttpx: Treat backend failure if SETTINGS is not received within timeout
2016-05-19 23:12:34 +09:00
Tatsuhiro Tsujikawa
629f1e6f0f
nghttpx: Add connection: close to mruby response in graceful shutdown period
2016-05-18 01:21:23 +09:00
Tatsuhiro Tsujikawa
7a3c656adf
nghttpx: Refactor
2016-05-15 21:05:20 +09:00
Tatsuhiro Tsujikawa
796160cb77
nghttpx: Don't add chunked encoded response body for HEAD request
2016-05-14 17:47:58 +09:00
Tatsuhiro Tsujikawa
5c82a36072
nghttpd: Set content-length in status response
2016-05-14 17:29:50 +09:00
Tatsuhiro Tsujikawa
b011012d8f
nghttpx: Use NGHTTP2_DATA_FLAG_NO_COPY for backend HTTP/2 session
2016-05-14 17:17:27 +09:00
Tatsuhiro Tsujikawa
8026bdd45a
nghttpx: Don't keep backend connection if request buffer is not empty
2016-05-14 17:16:50 +09:00
Tatsuhiro Tsujikawa
de3f2951b3
h2load: Robust error handling in POST data
2016-05-14 00:40:35 +09:00
Tatsuhiro Tsujikawa
d00788ceeb
nghttp: More robust error handling while reading file
2016-05-14 00:23:44 +09:00
Tatsuhiro Tsujikawa
e0df95a1d8
nghttp: Eliminate zero length DATA frame at the end if possible
2016-05-14 00:18:22 +09:00
Tatsuhiro Tsujikawa
6d22898936
src: Compile with OpenSSL 1.1.0-pre5
...
* don't use CRYPTO_LOCK stuff (they are sorted out by openssl, and no
application intervention is required, just like boringSSL)
* don't use OPENSSL_config
* use provided API to access BIO member
2016-05-07 16:18:58 +09:00
Tatsuhiro Tsujikawa
15a9dfbaea
nghttpd: Enable kqueue if it is available on the running platform
2016-05-06 23:45:56 +09:00
Tatsuhiro Tsujikawa
c6facaf662
h2load: Enable kqueue if it is available in the running platform
2016-05-06 23:40:55 +09:00
Tatsuhiro Tsujikawa
60e443b90b
h2load: Fix crash on exit on FreeBSD
2016-05-06 23:38:15 +09:00
Tatsuhiro Tsujikawa
d39335829d
nghttpx: Enable kqueue by default
...
We enabled libev kqueue backend in nghttpx by default. Since it might
not work on some platforms, we also added --no-kqueue option to
disable it.
2016-05-06 23:10:09 +09:00
Tatsuhiro Tsujikawa
752b5b3d44
nghttpx: Just call execv instead of execve
2016-05-05 23:08:42 +09:00
Tatsuhiro Tsujikawa
70e8dc3761
ngttpx: Pass environ to execve
2016-05-02 23:39:14 +09:00
Tatsuhiro Tsujikawa
3712c89a66
nghttpx: Use parameter instead of keyword for consistency
2016-04-29 22:47:49 +09:00
Tatsuhiro Tsujikawa
fd801864e3
nghttpx: Add sni keyword to --backend option
...
The --backend-tls-sni-field is deprecated in favor of sni keyword.
--backend-tls-sni-field still works, and it overrides all sni keyword
in --backend option. But it will be removed in the future release.
2016-04-29 14:42:18 +09:00
Tatsuhiro Tsujikawa
99f7e7e2a5
nghttpx: Add mruby env.server_addr and env.tls_used attributes
2016-04-29 12:17:25 +09:00
Tatsuhiro Tsujikawa
6c999e6fb5
nghttpx: Enable TLS session cache again in memcached connection
2016-04-28 22:57:34 +09:00
Tatsuhiro Tsujikawa
4aa4fe56e1
nghttpx: Destroy SSL object, and always lookup TLS session cache
2016-04-28 22:25:55 +09:00
Tatsuhiro Tsujikawa
09b97a3313
nghttpx: Add mruby env.server_port to return frontend server side port
2016-04-28 00:19:30 +09:00
Tatsuhiro Tsujikawa
d2f4e4e325
nghttpx: Always expect response trailer fields
2016-04-27 23:00:36 +09:00
Tatsuhiro Tsujikawa
2d2b72d4eb
nghttpx: Don't add 0-length DATA when response HEADERS bears END_STREAM flag
2016-04-27 21:19:28 +09:00
Tatsuhiro Tsujikawa
b39ad3135d
nghttpx: Don't use CN if we have dNSName or iPAddress field
2016-04-26 22:32:55 +09:00
Tatsuhiro Tsujikawa
f939000ad9
Update man pages
2016-04-25 21:58:37 +09:00
Brian Suh
5487b64fa6
nghttpx: Fix downstream connect callback called early
2016-04-24 20:49:38 -07:00
Tatsuhiro Tsujikawa
3d00dd6537
nghttpx: Fix erroneous division by sizeof(...)
2016-04-24 17:42:24 +09:00
Tatsuhiro Tsujikawa
b0e98718f5
src: Handle return value of getsockopt
2016-04-24 00:42:11 +09:00
Tatsuhiro Tsujikawa
86777defa8
nghttpx: Workaround for some older gcc4.9
2016-04-23 18:20:50 +09:00
Tatsuhiro Tsujikawa
68059ccda9
nghttp: Use nghttp2_session_mem_recv
2016-04-21 23:30:35 +09:00
Tatsuhiro Tsujikawa
bc2b941866
nghttpx: Wildcard match for CN
2016-04-21 22:53:07 +09:00
Tatsuhiro Tsujikawa
9b81eec944
nghttpx: Remove trailing "." from SAN DNS name and CN
2016-04-21 22:44:26 +09:00
Tatsuhiro Tsujikawa
00bf701600
nghttpx: Truncate too long -b option signature
2016-04-18 23:45:33 +09:00
Tatsuhiro Tsujikawa
5339c1774c
nghttpx: Log when backend group is shared
2016-04-16 22:04:35 +09:00
Tatsuhiro Tsujikawa
6f52da834b
nghttpx: Fix bug that server push from mruby script did not work
2016-04-16 18:52:14 +09:00
Tatsuhiro Tsujikawa
81f81e6b70
nghttpx: Error handling without assert
2016-04-13 19:22:32 +09:00
Tatsuhiro Tsujikawa
a16daf109b
nghttpx: Try next HTTP/1 backend address when connection cannot be made
2016-04-13 00:38:21 +09:00
Tatsuhiro Tsujikawa
b6708a4b87
nghttpx: Retry next HTTP/2 backend address when connection cannot be made
2016-04-13 00:38:08 +09:00
Tatsuhiro Tsujikawa
a14cea6363
nghttpx: Enable link header field based push for non-final response
2016-04-10 18:58:54 +09:00
Tatsuhiro Tsujikawa
9e64d10223
nghttpx: Move fall/rise configuration to --backend option
...
This commit removes --backend-fall and --backend-rise options. The
these configurations are now set as fall and rise parameters in
--backend option.
2016-04-09 21:58:08 +09:00
Tatsuhiro Tsujikawa
795ee8c20f
altsvc: Receive ALTSVC frame
2016-04-08 23:25:56 +09:00
Tatsuhiro Tsujikawa
9b4089c244
src: Log ALTSVC
2016-04-08 23:25:56 +09:00
Tatsuhiro Tsujikawa
4a6fc6cede
src: Add missing source file to CMakeLists.txt
2016-04-08 23:19:54 +09:00